Friday, July 29, 2005

I'm still failing to decide what my first investment should be now that my trading account is open. One site I'm paying particular attention to is "The Watchful Investor". Perhaps because it reinforces my own prejudices, I find it a very enjoyable read.

There's too much good stuff in there for me to cover everything.

However, one theme he keeps referring to that I've not seen elsewhere is his claim (made in a style intended to imply it's fact and not opinion - look at the last paragraph of this post) that the UK is in recession. I suspect that the figures will, in retrospect, prove him to be correct. The amount of bad news (UK Retail figures.... large companies closing.... empirical evidence obtained by simply observing how many shops are closing down on the high street) means that things certainly are worse in the UK economy than the press admits. I wonder if the press is behind the ball on this or if I'm just being a little too pessimistic!

Thursday, July 28, 2005

I have to travel to San Francisco on Sunday for a series of meetings related to my Very. Secret. Project.

I'm flying with Virgin (woo!) For reasons I don't fully recall, I agreed to fly economy (how did I let that happen again?!)

Luckily, it's a full fare (B) ticket and so eligible for upgrading. I called Virgin yesterday to see how many miles I'd need to spend to get a better seat.

It turns out I had almost enough to fly Upper Class out and Premium Economy back. At this point I'm feeling very excited. Upper Class is very nice and Premium Economy is a lot better than coach.

Except.... I was 400 miles short :-( I started furiously scanning their website trying to figure out the cheapest way of quickly accumulating another 400 miles. I was so near...... I only need 400 more miles..... quick, quick.... buy something... anything!... get those miles!!

The thrill was short-lived. They didn't have any seats available anyway. Grrr!!

Wednesday, July 27, 2005

3com will pay for advanced, exclusive, information on security vulnerabilities and then make protection for these vulnerabilities available to its paying clients while they wait for the vendors to fix the problems properly.

Now, looking at this completely naively, it initially seems like a great idea. Assuming the good guys previously spotted problems, informed the vendors and then sat on their discoveries until they were patched, potential victims were wide open to attack by any bad guys who independently discovered the same flaws and started attacking them.

3com's little scheme puts them in the position of intermediaries who can solve this specific problem: the vendors still get notified, the information on the vulnerability is still secret but now subscribing clients can get protection against the risk that a bad guy will independently spot and exploit the problem.

What could be wrong with that?

Er... well. Let's first remember what the Law of Unintended Consequences tells us. Every action almost always has more then one consequence - most of them unexpected.

So - where are the problems in this scheme?

We've now created a market in vulnerabilities, with this critical knowledge potentially going to the highest bidder.

The money to pay for the vulnerability information is earned from selling protection services. Unscrupulous vendors have an incentive to cross the line from providing protection services to running a protection racket. This is since there is nothing to stop bad guys buying the vulnerability information in this new market we've created.

Taking it a step further, I imagine other entrants (or existing players) may soon get tired of the price inflation that will surely develop and decide to team together. We'll then have a de facto cartel... the security industry would have manoeuvred themselves into a position of privileged holders of vulnerability information.

I'm instinctively pro-market so I'm having a hard time getting overly upset by this but I do have some concern that this approach will herald the demise of Full Disclosure. This controversial practice does have value in certain circumstances and the creation of a market in such information will, I suspect, dramatically reduce the number of people distributing the material for free. (Of course, the existence of the Open Source community demonstrates that financial incentices are not the be-all and end-all).

If this initiative takes off, it could be a game changer. But I don't think anybody can tell yet whether it will be for good or ill...

(Thanks to Feedster, I discover Richard Bejtlich also has thoughts on this development)

Tuesday, July 26, 2005

As soon as I made my last posting, I remembered a comment I had to this posting. I was commenting on my experiences with various Blog search engines (Feedster, Technorati, Bloglines, etc, etc). I commented that only Technorati could find me.

Almost unbelievably, a co-founder of Feedster (J. Scott Johnson) not only found my posting but took the time to investigate my claim (I was partially wrong....) and comment on it. Wow. A leader who takes that degree of interest in how his company is perceived in the marketplace is one who will drive his company to success.

Unfortunately, Feedster is privately held so I can't invest. I'll still keep a close eye on it, though...

I looked at my savings recently and realised quite how little interest I was making on them. I took the decision some time ago to keep the majority of my assets in cash as I was planning on buying a flat at the time. I'd still like to buy somewhere but am happy to continue renting until property prices move back into line with reality.

So, it's time to make my money work harder for me. I've missed the chance to sign up for an equity ISA this year since I filled up a cash one at the start of the financial year.

Nevertheless, I signed up with www.squaregain.co.uk a week or so ago and my account became active over the weekend. My plan is to drip feed a chunk of money into the account each month and then make occasional purchases when I think I find an investment that I both understand and believe is trading at a realistic price.

I toyed with the idea of going further and opening an account that allowed me more flexibility to put money behind my opinions. Specifically, I seem to have stronger opinions on which stocks are likely to tank than those that are likely to soar. However, I think I'll hold off before exposing myself to the wonderful opportunities for loss that shorting, hedging and trading in derivatives offer me...

Once I finally take the plunge and make some purchases, I'll track my wins and losses on here....

Friday, July 22, 2005

When I first started blogging, I was always confused by the word "trackback" that I saw appear everywhere.

I still think it's mis-titled.... it should be called something like "Tell Me You Linked To Me!"

Anyhow, for some reason, Blogspot / Blogger don't support them.

But now, Haloscan are offering a service that lets you add support for yourself. Neat!

I think Trackbacks are probably an interim solution until the search engines are quick enough and thorough enough to track the web of links more comprehensively but that's no reason not to use them in the interim.

Robert Scoble (who else) is doing some great work right now identifying which of the plethora of new blog search engines are up to the job.

His techniques are rather crude (he finds an interesting post and asks each of the search engines under consideration to tell him how many people they think are linking to it) but it's a valuable experiment nonetheless. (I say it's crude because I'm not sure he gives engines any credit for relevance or quality but, as a first order approximation, it'll do just fine)

It's clear that searching blogs successfully requires a different set of algorithms to a "regular" search engine - the discrepancies amongst the "pure play" engines (and the lag that the "heritage" engines exhibit) is proof of that. But for mainstream acceptance, people aren't going to accept one search provider (Google) for the web and another (who??) for blogs. They have to converge.

However, Scoble points to this article which suggests that there are yet more blog search engines readying themselves in the wings. This is an example of the Creative Destruction that capitalism excels as... consolidation will follow. But the question in my mind is: which of them are going to win when things do begin to shake out?

It's obvious that they're not all going to be the next Google. Indeed, I don't think *any* of them will be the new Google. A common exit strategy in a business plan is to be bought by a bigger player in your industry. I wonder which of Technorati, Pubsub, Bloglines, Feedster et al are playing that game? I'm not sure the opportunity is large enough for me to want to be the guy playing the "independent; organic growth" game when my competitor gets bought out by Yahoo.

How many of them will make the crossover from "great technology; too geeky" to something I could recommend to my friends and family? Right now, there are none that I feel able to recommend to friends when they ask "how can I find interesting blogs" or "who is linking to me?" When one emerges that *does* fit the bill, things will begin to hot up.

Right now, it's fun to watch but I don't have the time to try ten different sites, each of which is inadequate in an excitingly different way...

Interestingly, I did a quick search for my blog and only Technorati (out of the ones I tried) could find me. It appears that I am an "IBM UK Blogger". http://www.computerworld.com/blogs/node/484. I suppose that's technically true but there's nothing official about this...

Thursday, July 21, 2005

Number 1 (in a series of 1) of special guest features on my blog, Alan is a consultant with deep middleware expertise. I never fail to learn something when I speak to him, yet he is one of the most modest people I've had the pleasure to work with. I didn't even know he held a doctorate until I stalked him on Google. He claims to read my blog... let's see if that's true.... :-)

I like to think of myself as an Early Adopter. In reality, I'm probably a "Fast Follower", at best.

Take Google Maps. I finally installed it a couple of days ago.

Wow..... I'm in love!

I've downloaded a few overlays and other pieces from www.googleearthhacks.com and will have a play when I get more time.

One recurring theme I've heard when I've shown Google Earth to friends and colleagues has been an incredulity at how they manage to do it.... how do they keep on producing so much cool stuff when everybody else seems so slow and lumbering?

There are obvious answers, of course: it's easier to build something brand new from the ground up than it is to incrementally improve and maintain existing software, for example.

However, it also helps if the stuff you do is closely tied to your business model. I had a look at Google's annual report (http://investor.google.com/pdf/2004_AnnualReport.pdf). The first thing that struck me was how readable it is. I wouldn't call it a page-turner but it was very clear and well-written.

The key thing is the section on their business model: 97% of their revenues are due to advertisements. That makes investment decisions pretty simple, one would imagine. It also explains how they can justify not only producing Google Earth, but giving it away for free. I mean: imagine if everybody had a copy installed and they continued upgrading the images so that they were all of the quality of San Francisco's imagery at present. It would be a no-brainer to consult Google Maps before embarking on any journey of any sort. And, of course, Google would conveniently provide targetted, location based advertisements in a subtle and convenient manner.

Two other things interested me in their report. The first was their honesty in admitting that advertising was not their original business model (those of us who remember a few years back will remember that it was selling search services to other companies and web sites).

The second thing - and this is a calculation I like to do a lot when evaluating companies - is their revenue (and income) per employee.

Now look at Google. They have revenue of about $3.2bn, income of about $400m (2004 figures) and how many employees? 3021. That's revenue of about $1 million per employee and income of $132k per employee.

So, even if Google Earth wasn't a promising new route to revenue, their profitability is more than sufficient to allow them to build as many toys as they like :-)

Note: Just as I am not a spokesman for IBM, I am not somebody you should take financial or other investment advice from. Don't blame me if I've got these numbers wrong.

It's interesting to see that they believe IBM's ability to execute is greater than Microsoft's - but that their vision is more complete. I'm not sure how true that is - but it is true that I need to read up on Indigo...

Sunday, July 17, 2005

I love reading Raymond Chen's blog. He knows (or has access to) so many fascinating facts about how Windows really works.

His current article explains a reall cool (or horrible, depending on your perspective) hack they had to put into Windows versions from '95 onwards to support long file names. I hadn't even considered this problem until now.

I find this story very interesting. Objectively, having metadata "quarks" hanging around the place to allow you to patch up after applications have recreated a file but not fixed everything up properly is one of those things that just feels "wrong". But I'm inclined to believe him that it was the only way to crow-bar long file name support onto a legacy platform in any kind of useful fashion.

Larry Osterman's blog often talks about these kinds of tradeoffs too. In his case, he shows a deep grasp of the business issues facing a software company. If something has to be done --- or your product will fail in the marketplace --- then you must swallow your pride, hold your nose, implement the hack (as best you can) and manage the consequences as they inevitably come along and bite you.

I see less of this in the products I work on. However, I'm not clear whether that's good or bad. It's certainly a better sales pitch to clients who don't need the XYZ feature - we have a well-architected solution that won't surprise you. And it's certainly better for our development teams - they undoubtedly would have less "junk" hanging around the code base. But does it mean we're missing out on opportunities that we really shouldn't be?

I wonder... I can think of one REALLY cool feature that lots of my clients clamour for but which we simply don't offer them in our Business Integration products. Indeed, the developers I've spoken to are quite aggressive in their insistence that the request is bone-headed. Yet - I (and my clients) know full well that the request does make sense in certain limited cases and would be enormously useful. It's just that implementing it would be so difficult, result in so many hacks and present the users with multiple limitations that it doesn't seem like a good idea to do. And yet....

From demonstrating that Roe vs Wade was responsible for the precipitous decline in violent Crime in America in the 90s to claming that naming a child "OrangeJello" doesn't harm a child's future prospects - they would have been grim anyway - the book has assaulted me with more fascinating insights into the world that I would have thought possible. I found it absolutely fascinating.

The book skates close to the edge in places (encouraging the reader to value the life of a foetus... suggesting you send your child to play in the garden of the family who own the gun...) but that only made me enjoy it more :-)

Saturday, July 16, 2005

It is with shame that I admit my only knowledge of Kafka was gained from listening to conversations I didn't really understand at College. However, I think reports of his demise may have been premature. He is alive and well and working for Experian.

The are one of the top two credit reference agencies in the UK. (The other being Equifax).

This story begins with my bank. I hold one of their Visa credit cards. I tend not to carry any balance on my credit cards but use them to bridge a gap between business expenses being incurred and being reimbursed into my account or when I want the protection provided by the UK's Consumer Credit Act.

They wrote to me a couple of months ago telling me my credit card would be cancelled because it was too much effort for them to upgrade their systems to support Chip and Pin. (Don't ask... it's a story in itself)

This meant I needed to apply for a Visa or Mastercard somewhere else. I have a personal Amex but it's not as widely accepted and there are many online retailers who only accept Visa and Mastercard (Experian being one but let's not go there just yet...)

So.... I did some research. Since I don't carry any balance on my cards, the interest rate or balance transfer features were unimportant to me. This meant I was free to optimise the only variable that actually matters in a credit card..... how good it looks.

I found a provider of good looking Visa cards and applied. After I had heard nothing for two weeks, I called them to check on progress - to be told that they had rejected my application. I just don't understand it. I'm nice. I say 'please' and 'thank you'. I smile at strangers. Of course, I also represent zero opportunity for them to make money - but it seems a little unreasonable of them to take that into consideration.

Nevertheless... they told me that they use Experian as their credit agency so I decided to get hold of my credit report from them.

This is where the fun started...

Rewind 6 months. At Christmas, I signed up to both Equifax and Experian to look at my credit reports. They were both offering 30 day trials for their premium services that allowed you to produce reports online and get notifications if anything bad happened. (One can get a full dump of the information they hold about you for £2 but this was billed as being quicker and provided more value).

Equifax were a joy to use. They had a really cool sign up procedure that allowed them to determine that I really was who I said I was. They had figured out that they could use their extensive information on me to "quiz" me on my financial history. If they asked enough obscure questions they could be sure that only the "real" Richard Brown would be able to get them all correct. They varied from "which of the four following providers have you banked with?" to "Which month did you sign up with XXX credit card company?" So you see: the second question was quite hard. If you don't keep good notes or have a good memory, you'll fail and have to resort to sending in copies of bills and things.

However, if you do get the questions right, you can get instant access and it's super. Equifax are one of my favourite ever companies as a result. Hurrah for Equifax, I say!

Experian's website, however, isn't in quite the same league.

Their sign up website is very poorly designed (e.g. it assumes all area codes are four digits long. London's area code is 020. As you can tell, that is just three digits long. Perhaps it's because they're based in Nottingham - area code 0115) Note: I've told them about the problems... I'm not just moaning without trying to help them fix it :-)

Anyhow, at the end of the sign-up, the browser waits for a bit and then tells me I must send in a pile of bills and bank statements which they will review. And then they will write back with a password for the website. Jeez!

Like, I imagine, many users of their service, I didn't bother sending in my forms.

Fastforward back to today... I now need Experian's services so I sign up again. I moved flat a couple of months ago so sign up with the new address and tell them what my previous address was. Instantly their system detects I have an old application and it tells me it's still waiting for my paperwork. Very good!

So I send in my paperwork. Of course, there's a problem now. My paperwork proves I live at my new address but their system is waiting for proof that I live at my old address.... Needless to say, they can't handle it and I still don't have access to their site, after a week of phonecalls.

In the meantime, my £2 statutory report (which required no proof of address at all....) arrived this week and told me everything I needed to know anyway.

As I should have guessed, applying for a credit card immediately after moving house, when I wasn't yet on the Electoral Roll, with a credit history showing a tendency to pay bills in full and on time was enough for any provider to turn me down: "If he is who he says he is, there's no way we can make money out of him but in any case we're not sure he is, anyway, since he moves house so often. Turn him down".

Postscript: There is a reason for documenting this story. And it relates to my area of expertise. One can think of Experian's sign up process as a long-running business process. There are some automated and human-based tasks at the start and then the process sleeps, waiting for an event (the arrival of the paperwork) before it progresses to activating my trial. The reason why it interests me is that the problem I experience last week was entirely due to a flawed choice of correlation variable. They had decided that my name and address were sufficient to allow the incoming paperwork to be matched to the slumbering process instance. Since they believed this was a safe thing to do, they didn't assign a reference number or tracker. My moving house meant that my incoming docs didn't match the process that was waiting for them and so they were put into a holding "pen" and the sign-up process was left perpetually marooned.

The IBM products I specialise in are the market leaders in their segments. They are also technically advanced and highly functional... in other words, they have reached their top due to both assured sales & marketing and technical supremacy.

Clients are building valuable solutions... betting their businesses on them.

Yet... with the exception of the WebSphere MQ family of products (who have a thriving community here), one doesn't see much discussion of the products by the media or other "thought leaders" in our space.

It is unusual to see a think-piece about integration in the online magazines, for example - and the articles one does read are either verbatim copies of press releases or so shockingly ill-informed as to be useless or dangerous.

Is this just what one should expect when working in a somewhat "niche" area of our industry or does it reflect a failure of us (myself included) to engage the wider world?

When I think back to my childhood and the long summers where we seemingly did nothing all day except play with our friends and laze about, I can vividly remember the days when the ants grew wings and flew.

I remember sitting in the front garden and watching the ants emerge from the various holes they had dug between the paving stones and garden steps, unfurl their wings and start to fly (usually crashing straight back down to earth).

Well, today seems to be flying ant day in London.

We spent most of the afternoon on Parliament Hill, enjoying the gorgeous weather with Strawberries and Champagne, sunscreen and the Observer. The views over London are spectacular... you can see the towers of Canary Wharf and The City facing each other off in their never-ending feud for supremacy... you can see the tips of the crown of the dome... the BT tower... the London eye....

We took the North London Line back to mine... big mistake. Crowded, slow, late. Just grim :-(

At Canning Town, I saw the first flying ants (there were none on Hampstead Heath... it must be an East London thing).... the DLR platform was swarming with them.

Hmmm.... potential employers, clients and lovers could find one's online musings and draw conclusions from what they read. Shocked. I'm truly Shocked. You'll be telling me people form opinions based on first impressions next. I was going to publish company confidential information, libel a celebrity and post naked pictures of myself* but this article has made me think twice.

The hilarious thing is the collection of comments on Metafilter. Summary: "I deserve the right to broadcast my innermost thoughts and most personal details to the world and not have other people read them and form an opinion of me based on them". Fools.

* the unfortunately composed photograph of my Vegas bathroom does not count. It was a trick of the light.

Courtesy of Microsoft's excellent Robert Scoble (who is an amazing double of IBM's very own Lee Hollingdale, now I come to think about it...) , something to mess with any preconceived ideas of what a user interface should look like. Remember, don't click it!

Friday, July 08, 2005

I know I shouldn't get wound up by press inaccuracy... but I'm always jolted when I see something on the news that I know to be manifestly false.

You can forgive some mistakes (especially when made under the pressure of an event such as yesterday's).

An example was the repeated claim that the mobile phone networks were blocking access to all but emergency services... I even saw reputable news outlets claiming that the networks had been switched off in case the terrorists were using cell phones to trigger bombs. I mean... why don't we just turn off the lights and cover the town with a blanket in case they want to use the benefit of light to locate the detonators. I suppose we could also flood all the tube tunnels so no bomb can explode.... The fact that my phone - and those of everyone else I know - worked all day (I was in Central London) seems to have passed them by. Yes - sometimes we couldn't make calls. Perhaps that was because the networks were so busy with people calling each other to ask if they were ok. There really isn't a conspiracy here...

That was a minor annoyance compared to the woeful coverage of the Aldgate bomb. I can only assume that journalists travel everywhere by cab and never use the tube.

If I hear another reporter telling me the explosion occurred on a Circle line train between Liverpool Street and Aldgate East - or on a Hammersmith and City train between Liverpool Street and Aldgate, I'm going to scream.

Do you see the circle line passing through Aldgate East? No. Me neither.

Guys: checking facts about casualties, times, causes,..., during an emergency of this scale is difficult and we expect confusion and corrections. But when you only have to look at one of the most well-known maps in the world to realise you're talking manifest rubbish, there really is no excuse for such sloppiness.

I understand from friends that what actually happened was that it was an H&C train between Liverpool Street and Aldgate East - but that victims were evacuated through Aldgate station (which is very close to Aldgate East and was the best route out.) So I can see where confusion would stem from... but when you get conflicting information and have an authoritative resource that can help you rule out the nonsense, it's really not hard to figure out what to do.

Laughably. the BBC even showed the Hammersmith and City Line travelling north from Baker Street all day (hint: it goes to Hammersmith. The clue is in the name, guys...).

Thursday, July 07, 2005

The first inkling I had that something was going on was when my DLR train to Bank was diverted to Tower Gateway (at around 08:50 - I was running slightly late to work)

Initially, I thought the problem was localised to Bank so I alighted at Shadwell with the intention of getting the East London Line and Jubilee Line to Waterloo to get to work.

Shadwell tube was closed so I took another DLR to Tower Gateway. Tower Hill tube was also shut. I thought this was due to overcrowding so I toyed with the idea of going to Aldgate to get the train before it arrived at Tower Hill.

In the event, I took the RV1 bus from Aldgate to the South Bank. It never occured to me that the bus could have exploded...

The ATM by my nearest train station has been out of service for a few weeks now.

The interesting thing is the reason why:

It looks like the entire card reader assembly has been removed.

The question is: why?

As users are getting more savvy - and suspicious of odd-looking attachments on ATMs, the easy ways to attach malicious card readers are drying up.

Perhaps this was simple vanadlism... or perhaps it was a reconnaissance mission ("what does the inside of the machine look like?")... or perhaps it was a shopping expedition by somebody who needed a real Woolwich Link ATM card reader. Who knows....